<?php
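	// Checkout confirmation step: stores the shipping address, takes the next
	// order number, records the transaction with its purchased items, logs the
	// payment request and finally sends the browser to the payment gateway.
	if (!isset($_SESSION['islogin']) || $_SESSION['islogin'] == NULL) {
		header('Location: index.php');
		// header() alone does not stop execution; without this the checkout
		// below still ran for a visitor who is not logged in.
		exit;
	}

	if (isset($_SESSION['cartConfirmCheckout']) && $_SESSION['cartConfirmCheckout'] != null) {

		$cartCfm = $_SESSION['cartConfirmCheckout'];
		$addrNama = $cartCfm['addrNama'];
		$addrNoTel = $cartCfm['addrNoTel'];
		$addrAddress = $cartCfm['addrAddress'];
		$addrPoskod = $cartCfm['addrPoskod'];
		$addrCity = $cartCfm['addrCity'];
		$addrState = $cartCfm['addrState'];
		$addrCountry = $cartCfm['addrCountry'];

		// NOTE(review): amount, price column and item list are taken from the
		// session as stored; presumably an earlier step computed them on the
		// server. Confirm none of them can be set directly from request data.
		$type_price = $cartCfm['checkTypePrice'];
		$totalItem = $cartCfm['checkTotalQtyItems'];
		$amount = $cartCfm['checkAmount'];
		$items_price = $cartCfm['checkItemsPrice'];
		$postage_price = $cartCfm['checkPostagePrice'];
		$total_weight = $cartCfm['checkTotalWeight'];
		$contentsItems = $cartCfm['checkContentsItems'];
		$priceLocation = $cartCfm['checkPriceLocation'];

		if ($amount > 0) {

			// Every value placed inside a quoted SQL literal is escaped first.
			// mysql_real_escape_string() is used because this script already
			// relies on the mysql_* extension (mysql_insert_id()); assumes $db
			// runs on that same connection. TODO confirm, and switch to bound
			// parameters if $db offers them.
			$addrSql = array_map('mysql_real_escape_string', array(
				'nama' => $addrNama,
				'notel' => $addrNoTel,
				'address' => $addrAddress,
				'poskod' => $addrPoskod,
				'city' => $addrCity,
				'state' => $addrState,
				'country' => $addrCountry,
			));
			$createAddress = "INSERT INTO address(nama,notel,address, poskod, city, state_id, country_id,created_date) VALUES 
				('{$addrSql['nama']}','{$addrSql['notel']}','{$addrSql['address']}','{$addrSql['poskod']}', '{$addrSql['city']}','{$addrSql['state']}', '{$addrSql['country']}', NOW())";
			$resultAddress = $db->sql_query($createAddress);
			$addressToPostID = mysql_insert_id();

			// user_id is written unquoted, so force it to an integer.
			$userLoginId = (int) $_SESSION['userlogin_id'];
			$status_payment = STATUSPROCESSING;
			$status_transaction = STATUSPROCESSING_TRANS;

			// Start get order no.
			// NOTE(review): the number is read and then incremented in two
			// separate statements, so two checkouts running at the same time
			// could read the same value. Verify whether $db wraps this in a
			// transaction or lock.
			$qSeq = "SELECT
					  CONCAT(prefix_name,DATE_FORMAT(NOW(),contain_format),seq_no) AS orderno
					FROM sequence
					WHERE TYPE = 'ORDER_NO'";
			$rSeq = $db->sql_list($qSeq);
			$order_no = $rSeq['orderno'];

			if (strlen($order_no) > 0) {
				$updSeq = "UPDATE sequence SET SEQ_NO=SEQ_NO+1, modified_date=NOW() WHERE TYPE='ORDER_NO'";
				$resultSeq = $db->sql_query($updSeq);
			}
			// end get order no

			$txSql = array_map('mysql_real_escape_string', array(
				'order_no' => $order_no,
				'amount' => $amount,
				'status_payment' => $status_payment,
				'status_transaction' => $status_transaction,
				'total_item' => $totalItem,
				'items_price' => $items_price,
				'postage_price' => $postage_price,
				'total_weight' => $total_weight,
				'type_price' => $type_price,
			));
			$shippingAddressId = (int) $addressToPostID;
			$createtransaction = "INSERT INTO transaction(user_id,order_no, amount, status_payment,status_transaction,total_item,items_price,postage_price,total_weight,type_price, shipping_address_id,isInvalid,created_date) 
						VALUES 
					($userLoginId,'{$txSql['order_no']}', '{$txSql['amount']}','{$txSql['status_payment']}','{$txSql['status_transaction']}','{$txSql['total_item']}','{$txSql['items_price']}','{$txSql['postage_price']}','{$txSql['total_weight']}','{$txSql['type_price']}','$shippingAddressId','0', NOW())";
			$resulttransaction = $db->sql_query($createtransaction);
			$transaction_id = mysql_insert_id();

			if ($resulttransaction) {

				$orderId = $order_no;

				//get from define
				$vkey = VKEY;
				$merchantID = MERCHANTID;
				// Check value sent along with the payment request. VKEY is only
				// used here as hash input and is never written to the page.
				// NOTE(review): MD5 is kept because the value has to match what
				// the gateway expects; confirm against the gateway's current
				// integration guide.
				$vcode = md5($amount.$merchantID.$orderId.$vkey);

				$descLines = array();
				$count = 1;
				$priceTypeSql = mysql_real_escape_string($priceLocation);
				foreach ($contentsItems as $id => $qty) {
					// The id is concatenated unquoted into the WHERE clause, so
					// only an integer may reach the query.
					$itemId = (int) $id;
					$sql = 'SELECT * FROM item WHERE id = '.$itemId;
					$rCheck = $db->sql_total($sql);
					$rItem = $db->sql_list($sql);
					if ($rCheck <> 0) {
						$price = $rItem[$priceLocation];
						$totalprice = $rItem[$priceLocation] * $qty;
						$weight = $rItem['weight'];
						$totalweight = $weight * $qty;
						$descLines[] = $count.")".$rItem['name'].", Price :RM".$price.", ".$qty." unit, Total price item :RM".$totalprice."   ";
						$count++;

						$qtySql = mysql_real_escape_string($qty);
						$priceSql = mysql_real_escape_string($price);
						$totalPriceSql = mysql_real_escape_string($totalprice);
						$weightSql = mysql_real_escape_string($weight);
						$totalWeightSql = mysql_real_escape_string($totalweight);
						$createpurchaseproduct = "INSERT INTO purchaseproduct(transaction_id, item_id, quantity, pricetype,price,totalprice,weight,totalweight, created_date) 
										VALUES 
									('$transaction_id','$itemId', '$qtySql','$priceTypeSql','$priceSql','$totalPriceSql','$weightSql','$totalWeightSql', NOW())";
						$resultpurchaseproduct = $db->sql_query($createpurchaseproduct);
					}
				}
				// Item lines are separated by a literal "%0A", as before.
				$contentItemsInfo = implode('%0A', $descLines);

				$QUser = "SELECT * from user where username = '".mysql_real_escape_string($_SESSION['username'])."'";
				$QUresult = $db->sql_list($QUser);

				$domainFullWebUrl = domainFullWebUrl();
				$contentItemsInfo = str_replace('&','AND',$contentItemsInfo);

				$return = array();
				$return['success'] = true;
				$return['merchantID'] = $merchantID;
				$return['amount'] = $amount;
				$return['orderId'] = $orderId;
				$return['name'] = $QUresult['name'];
				$return['email'] = $QUresult['email'];
				$return['notel'] = $QUresult['notel'];
				$return['desc'] = $contentItemsInfo;
				$return['vcode'] = $vcode;
				$return['returnurl'] = $domainFullWebUrl."transaction.php";

				$type_log = "Payment";
				$log = "Processing on payment";
				$log_desc = json_encode($return);
				// The JSON holds user and item text (quotes included), so it is
				// escaped like any other string literal.
				$logDescSql = mysql_real_escape_string($log_desc);
				$cTransLog = "INSERT INTO transaction_log(transaction_id,type_log, log, log_desc,created_date) 
					VALUES 
				($transaction_id,'$type_log', '$log','$logDescSql', NOW())";
				$rTransLog = $db->sql_query($cTransLog);

				// Payment choice '01' is sent to fpx.php, any other choice to the
				// merchant's base path.
				$payScript = (isset($_SESSION['selectpayment']) && $_SESSION['selectpayment'] == '01') ? 'fpx.php' : '';

				// Each parameter is percent-encoded so that names, e-mail
				// addresses or item text cannot add query parameters or break out
				// of the script string. The literal "%0A" separators are turned
				// into real newlines first so they are encoded exactly once.
				$payUrl = 'https://www.onlinepayment.com.my/NBepay/pay/'.rawurlencode($return['merchantID']).'/'.$payScript
					.'?amount='.rawurlencode($return['amount'])
					.'&orderid='.rawurlencode($return['orderId'])
					.'&bill_name='.rawurlencode($return['name'])
					.'&bill_email='.rawurlencode($return['email'])
					.'&bill_mobile='.rawurlencode($return['notel'])
					.'&bill_desc='.rawurlencode(str_replace('%0A', "\n", $return['desc']))
					.'&returnurl='.rawurlencode($return['returnurl'])
					.'&vcode='.rawurlencode($return['vcode']);
				?>

				<script>
				window.location = <?php echo json_encode($payUrl); ?>;
				</script>
				<?php
			}
		} else {
			echo '
					<table width=500 align=center border=0 cellspacing=0 cellpadding=0>
					<tr>
						<td>
					<div style="margin-bottom:10px;font-family: tahoma; font-size: 11px;">';
			echo '<p style="padding:0px; margin:0px; color:red;"><b>'.$lang[CONTENT_ERROR_OCCUR].'</b></p>';

			echo '<span style="padding:10px;color:red;">Error in processing!</span><br />';

			echo '</div> </td></tr></table>';
		}

	}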

?>